I. System architecture
IP | Hostname | CPU | Memory |
---|---|---|---|
192.168.1.14 | k8s-master | 2 | 2G |
192.168.1.15 | k8s-node1 | 2 | 4G |
192.168.1.16 | k8s-node2 | 2 | 4G |
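Kubernetes officially requires at least 2 CPUs on the master node.
II. Environment configuration
Apply the following configuration on the master and on every node:
1. Configure the k8s.conf kernel parameters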
[root@k8s-master ~]# modprobe br_netfilter
[root@k8s-master ~]# vim /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
[root@k8s-master ~]# sysctl -p /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
Otherwise kubeadm reports the following error:
[ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
2. Disable swap permanently by commenting out the swap-related lines in /etc/fstab:
[root@k8s-master ~]# swapoff -a
[root@k8s-master ~]# vim /etc/fstab
[root@k8s-master ~]# free -m
total used free shared buff/cache available
Mem: 3771 161 3424 11 185 3374
Swap: 0 0
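3. Disable SELinux:
# Disable permanently by editing /etc/sysconfig/selinux (--follow-symlinks keeps its symlink to /etc/selinux/config intact; takes effect after a reboot)
[root@k8s-master ~]# sed -i --follow-symlinks 's/^SELINUX=.*/SELINUX=disabled/' /etc/sysconfig/selinux
# Disable SELinux temporarily
[root@k8s-master ~]# setenforce 0
4. Disable the firewall: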
[root@k8s-master ~]# systemctl stop firewalld && systemctl disable firewalld
5. Edit the hosts file
[root@k8s-master ~]# vim /etc/hosts
192.168.1.14 k8s-master
192.168.1.15 k8s-node1
192.168.1.16 k8s-node2
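A check for the prerequisites configured in steps 1 and 2 above, as an added example that is not part of the original page. The function name k8s_preflight and its optional root-directory argument are assumptions made for illustration; the sysctl keys and the swap requirement come from the steps above.

```shell
#!/bin/sh
# Added example (not from the original page): checks the section II prerequisites.
# ROOT is a hypothetical parameter: empty checks the live host; a directory path
# checks copies of /proc and /etc placed under it (constructed test trees).

# Prints one line per problem and returns the number of problems found.
k8s_preflight() {
    root="${1:-}"
    problems=0

    # The three settings from /etc/sysctl.d/k8s.conf must all read 1.
    for key in net/ipv4/ip_forward \
               net/bridge/bridge-nf-call-iptables \
               net/bridge/bridge-nf-call-ip6tables; do
        file="$root/proc/sys/$key"
        if [ ! -r "$file" ]; then
            # The bridge entries exist only while br_netfilter is loaded.
            echo "MISSING $key (is br_netfilter loaded?)"
            problems=$((problems + 1))
        elif [ "$(cat "$file")" != "1" ]; then
            echo "BAD $key = $(cat "$file"), expected 1"
            problems=$((problems + 1))
        fi
    done

    # /proc/swaps starts with a header; every further line is an active swap area.
    if [ "$(wc -l < "$root/proc/swaps")" -gt 1 ]; then
        echo "BAD swap is still active (run swapoff -a)"
        problems=$((problems + 1))
    fi

    # An uncommented fstab entry of type swap turns swap back on at the next boot.
    fs='[[:space:]]+'
    if grep -Eq "^[[:space:]]*[^#[:space:]][^[:space:]]*${fs}[^[:space:]]+${fs}swap${fs}" "$root/etc/fstab"; then
        echo "BAD /etc/fstab still has an uncommented swap entry"
        problems=$((problems + 1))
    fi

    return "$problems"
}

# Live host: k8s_preflight || echo "fix the items above before kubeadm init/join"
```

The modprobe br_netfilter command in step 1 does not persist across reboots, which is the case the MISSING line reports.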
III. Install kubeadm and related tools
1. Install Docker:
# Step 1: install the required system utilities
[root@k8s-master ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
# Step 2: add the package repository
[root@k8s-master ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@k8s-master ~]# yum -y install docker-ce-18.06.1.ce-3.el7
[root@k8s-master ~]# systemctl enable docker && systemctl start docker
[root@k8s-master ~]# docker --version
Docker version 18.06.1-ce, build e68fc7a
2. Configure the Kubernetes yum repository:
[root@k8s-master ~]# cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
3. Install the Kubernetes components; install kubeadm, kubectl and kubelet on all nodes:
[root@k8s-master ~]# yum install -y kubelet kubeadm kubectl
[root@k8s-master ~]# systemctl enable kubelet && systemctl start kubelet
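V. Run kubeadm init to install the master
Before starting, note that the kubeadm installation does not initialize a network plugin (CNI), so a cluster freshly installed by kubeadm has no networking, and no Pod, including the bundled CoreDNS, can work properly. Installing a network plugin often places requirements on the kubeadm init arguments. For example, installing the Calico plugin requires specifying --pod-network-cidr=10.244.0.0/16; for details see https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/#pod-network.
Next, run kubeadm init, using the configuration file created earlier, to initialize the cluster control plane: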
[root@k8s-master ~]# kubeadm init \
--kubernetes-version=v1.18.0 \
--apiserver-advertise-address=192.168.1.14 \
--service-cidr=10.96.0.0/16 \
--pod-network-cidr=10.244.0.0/16 \
--image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers
After the command runs, the console prints the following:
After a while the Kubernetes master is installed successfully and the following is shown:
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
# The following means: run the command below as root on a node to join it to the cluster as a worker
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.1.14:6443 --token mujhb5.vj7nz560bszzh1mo \
--discovery-token-ca-cert-hash sha256:2361b28f8668090fd8db6f990932c8281c5020493a79b67f5f2c5463ad4bdf03
Note the three commands in this output; run them before continuing with the later steps that join the nodes to the cluster:
[root@k8s-master ~]# mkdir -p $HOME/.kube
[root@k8s-master ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@k8s-master ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
VI. Install the nodes and join them to the cluster
Run the join command on node1 and node2:
[root@k8s-node1 ~]# kubeadm join 192.168.1.14:6443 --token mujhb5.vj7nz560bszzh1mo \
--discovery-token-ca-cert-hash sha256:2361b28f8668090fd8db6f990932c8281c5020493a79b67f5f2c5463ad4bdf03
The following output means the node joined the cluster successfully:
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster
If you have lost the token and hash values above, retrieve them with the following commands:
Get the token:
[root@k8s-master ~]# kubeadm token list
Get the hash:
[root@k8s-master ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
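The hash pins the cluster CA: it is the SHA-256 of the CA certificate's DER-encoded public key, and a joining node uses it to verify the API server it bootstraps against. The following added example (not from the original page) computes it and checks it against the value in a join command; the function names are assumptions, and openssl pkey replaces the page's openssl rsa so that non-RSA CA keys also work.

```shell
#!/bin/sh
# Added example (not from the original page): compute and check the value passed
# to --discovery-token-ca-cert-hash. Function names are hypothetical.

# ca_cert_hash CERT.pem -> prints "sha256:<64 hex digits>", returns 2 on error
ca_cert_hash() {
    # Extract the public key first and stop if the certificate cannot be read.
    # A one-line pipeline would otherwise go on to hash empty input and still
    # print a plausible-looking 64-digit value.
    pub=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 2
    digest=$(printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //')
    [ "${#digest}" -eq 64 ] || return 2
    echo "sha256:$digest"
}

# verify_join_hash CERT.pem sha256:<hex>
#   returns 0 if the join command pins this CA, 1 if it does not, 2 on error
verify_join_hash() {
    actual=$(ca_cert_hash "$1") || return 2
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ "$actual" = "$expected" ]; then
        echo "OK: join command pins this CA ($actual)"
    else
        echo "MISMATCH: CA is $actual, join command has $expected"
        return 1
    fi
}

# Usage on the master:
#   sh check.sh /etc/kubernetes/pki/ca.crt sha256:<hash from the join command>
if [ "$#" -eq 2 ]; then
    verify_join_hash "$1" "$2"
fi
```

Bootstrap tokens expire after 24 hours by default; kubeadm token create --print-join-command issues a new token and prints the matching hash.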
VII. Install the network plugin
Run kubectl get nodes and Kubernetes reports the master as NotReady,
because no CNI network plugin has been installed yet:
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 10d v1.18.2
k8s-node1 NotReady <none> 10d v1.18.2
k8s-node2 NotReady <none> 10d v1.18.2
Pull the image quay-mirror.qiniu.com/coreos/flannel:v0.12.0-amd64 manually with docker pull, then retag it (do the same on the other nodes):
[root@k8s-master ~]# docker pull quay-mirror.qiniu.com/coreos/flannel:v0.12.0-amd64
[root@k8s-master ~]# docker tag quay-mirror.qiniu.com/coreos/flannel:v0.12.0-amd64 quay.io/coreos/flannel:v0.12.0-amd64
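With the images the network plugin needs downloaded, install the CNI network plugin as kubeadm prompts. There are many CNI network plugins to choose from; see https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/#pod-network.
For example, to use the flannel plugin, open https://github.com/coreos/flannel/blob/master/Documentation/kube-flannel.yml, copy its contents into a file named flannel.yml, and run the following command to complete the installation: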
[root@k8s-master ~]# kubectl apply -f flannel.yml
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds-amd64 created
daemonset.apps/kube-flannel-ds-arm64 created
daemonset.apps/kube-flannel-ds-arm created
daemonset.apps/kube-flannel-ds-ppc64le created
daemonset.apps/kube-flannel-ds-s390x created
Check again: all pods are now Running and the nodes are Ready:
[root@localhost ~]# kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-7ff77c879f-5tpl5 1/1 Running 0 13m
kube-system coredns-7ff77c879f-qksmj 1/1 Running 0 13m
kube-system etcd-k8s-master 1/1 Running 0 13m
kube-system kube-apiserver-k8s-master 1/1 Running 0 13m
kube-system kube-controller-manager-k8s-master 1/1 Running 0 13m
kube-system kube-flannel-ds-amd64-8lw8s 1/1 Running 0 17s
kube-system kube-flannel-ds-amd64-fmfcq 1/1 Running 0 17s
kube-system kube-flannel-ds-amd64-x8qhv 1/1 Running 0 17s
kube-system kube-proxy-272ss 1/1 Running 0 7m45s
kube-system kube-proxy-9dgln 1/1 Running 0 13m
kube-system kube-proxy-sp574 1/1 Running 0 7m44s
kube-system kube-scheduler-k8s-master 1/1 Running 0 13m
Check node status:
[root@localhost ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 26m v1.18.2
k8s-node1 Ready <none> 19m v1.18.2
k8s-node2 Ready <none> 19m v1.18.2
VIII. Node management
Check node status from the master:
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 10d v1.18.2
k8s-node1 Ready <none> 10d v1.18.2
k8s-node2 Ready <none> 10d v1.18.2
At this point node1's ROLES is <none>. To change it to master, use the following command:
[root@k8s-master ~]# kubectl label node k8s-node1 node-role.kubernetes.io/master=
node/k8s-node1 labeled
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 10d v1.18.2
k8s-node1 Ready master 10d v1.18.2
k8s-node2 Ready <none> 10d v1.18.2
To remove master from node1, use:
[root@k8s-master ~]# kubectl label node k8s-node1 node-role.kubernetes.io/master-
node/k8s-node1 labeled
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 10d v1.18.2
k8s-node1 Ready <none> 10d v1.18.2
k8s-node2 Ready <none> 10d v1.18.2
To change it to node, use:
[root@k8s-master ~]# kubectl label node k8s-node1 node-role.kubernetes.io/node=
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 10d v1.18.2
k8s-node1 Ready node 10d v1.18.2
k8s-node2 Ready <none> 10d v1.18.2
Remove node from node1's ROLES:
[root@k8s-master ~]# kubectl label node k8s-node1 node-role.kubernetes.io/node-
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 10d v1.18.2
k8s-node1 Ready <none> 10d v1.18.2
k8s-node2 Ready <none> 10d v1.18.2
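kubeadm also installs kubelet on the master, which by default does not run workloads. If you want a single-machine all-in-one Kubernetes environment, run the command below (it removes the "node-role.kubernetes.io/master" taint from the node) so that the master also acts as a node:
[root@k8s-master ~]# kubectl taint nodes --all node-role.kubernetes.io/master-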